-
Notifications
You must be signed in to change notification settings - Fork 0
156 lines (149 loc) · 5.14 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
name: CI
on:
push:
tags:
- '*'
branches:
- master
- develop
pull_request:
permissions:
contents: write # to publish artifacts
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres
ports:
- 5432:5432
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: iglusecret
POSTGRES_DB: testdb
POSTGRES_PORT: 5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- uses: actions/checkout@v2
- uses: coursier/cache-action@v6
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Check Scala formatting
if: ${{ always() }}
run: sbt scalafmtCheckAll
- name: Check assets can be published
if: ${{ always() }}
run: sbt publishLocal
- name: Check that we can assemble fat jars
run: sbt "set assembly / test := {}" assembly
- name: Run tests
run: sbt +test
github_release:
needs: test
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: coursier/cache-action@v6
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Get current version
id: ver
run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}"
- name: Assemble fat jars
run: sbt "set assembly / test := {}" assembly
- name: Create GitHub release and attach artifacts
uses: softprops/action-gh-release@v1
with:
draft: true
prerelease: ${{ contains(steps.ver.outputs.tag, 'rc') }}
name: ${{ steps.ver.outputs.tag }}
tag_name: ${{ steps.ver.outputs.tag }}
files: |
target/scala-2.12/iglu-server-${{ steps.ver.outputs.tag }}.jar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# publish_to_docker:
# needs: test
# if: startsWith(github.ref, 'refs/tags/')
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v2
# - uses: coursier/cache-action@v6
# - name: Set up JDK 11
# uses: actions/setup-java@v1
# with:
# java-version: 11
# - name: Docker login
# run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
# env:
# DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
# DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
# - name: Get current version
# id: ver
# run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}"
# - name: Get app base directory (distroless)
# id: baseDirectoryDistroless
# run: |
# export BASE_DIRECTORY_DISTROLESS=$(sbt "project igluServerDistroless" baseDirectory -Dsbt.log.noformat=true | sed -n '/\[info\]/ s/\[info\] //p' | tail -1 | tr -d '\n')
# echo "::set-output name=directory::$BASE_DIRECTORY_DISTROLESS"
# - name: Stage the Docker build
# run: sbt "project igluServer" docker:stage
# - name: Stage the Docker distroless build
# run: sbt "project igluServerDistroless" docker:stage
# - name: Docker metadata
# id: meta
# uses: docker/metadata-action@v3
# with:
# images: snowplow/iglu-server
# tags: |
# type=raw,value=latest,enable=${{ !contains(steps.ver.outputs.tag, 'rc') }}
# type=raw,value=latest-focal,enable=${{ !contains(steps.ver.outputs.tag, 'rc') }}
# type=raw,value=${{ steps.ver.outputs.tag }}
# type=raw,value=${{ steps.ver.outputs.tag }}-focal
# flavor: |
# latest=false
# - name: Docker metadata distroless
# id: meta-distroless
# uses: docker/metadata-action@v3
# with:
# images: snowplow/iglu-server
# tags: |
# type=raw,value=latest-distroless,enable=${{ !contains(steps.ver.outputs.tag, 'rc') }}
# type=raw,value=${{ steps.ver.outputs.tag }}-distroless
# flavor: |
# latest=false
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v1
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v1
# - name: Push image
# uses: docker/build-push-action@v2
# with:
# context: target/docker/stage
# platforms: linux/amd64,linux/arm64/v8
# tags: ${{ steps.meta.outputs.tags }}
# push: true
# - name: Push distroless image
# uses: docker/build-push-action@v2
# with:
# context: ${{ steps.baseDirectoryDistroless.outputs.directory }}/target/docker/stage
# platforms: linux/amd64,linux/arm64/v8
# tags: ${{ steps.meta-distroless.outputs.tags }}
# push: true
# - name: Build local distroless image, which is needed to run Snyk
# if: ${{ !contains(steps.ver.outputs.tag, 'rc') }}
# run: sbt "project igluServerDistroless" docker:publishLocal
# - name: Run Snyk to check for vulnerabilities
# uses: snyk/actions/docker@master
# if: ${{ !contains(steps.ver.outputs.tag, 'rc') }}
# with:
# image: "snowplow/iglu-server:${{ steps.ver.outputs.tag }}-distroless"
# args: "--app-vulns --org=data-processing-new"
# command: monitor
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}